CODEWITHSUNDEEP
pdfsignature
Silas
Silas

Reputation: 981

Signature on a PDF containing attachments

If I apply a digital signature on a PDF file which contains another PDF files attached on it, does the signature apply to the whole document including attachments, or only to the "main" PDF ?

The goal is to detect any modification on any part of the document itself and all the files attached.

Upvotes: 2

Views: 723

Answers (2)

joelgeraci
joelgeraci

Reputation: 4927

The signature on the parent document will calculate it's checksum based on all the bytes in the file. If any of the attachments are modified and saved back to the parent file, you will be able to detect that the entire package has changed but unless you also sign the child documents, you may not be able to tell which of the children was changed.

You may also want to invest in a certificate that is already on the Adobe Approved Trust List so that the document will appear valid when first opened and the use won't need to install your specific certificate. You can read more about this at the URL below.

http://helpx.adobe.com/acrobat/kb/approved-trust-list2.html

Upvotes: 3

Kurt Pfeifle
Kurt Pfeifle

Reputation: 90285

Assume, you have a PDF with attached files. From the point of view of PDF structure and PDF syntax, these attachments are represented by embedding some "standard" PDF objects including "streams".

When you digitally sign this PDF file, the signature is valid for the complete PDF file, consisting of all PDF objects (thusly including the attachments).

Should someone extract a copy of the attached files, modify them and then re-attach these, it will change the contents of the PDF. Hence the signature will become invalid by this change, which leads to the detection of the modification.

What you cannot detect:

  • if a copy of the attachment has been extracted (leaving the original PDF un-modified)

Upvotes: 2

Related Questions